Blocked IPs

Blocked IPs are located on the first tab of the Blocking page on the Wordfence menu.

The Blocked IPs page shows you which IP's have been blocked, locked out from being able to login and "throttled" for accessing the site too frequently. We'll cover each tab shown here in detail and explain what they mean and how to use the information you're shown.

At the top of this page you will find options to clear all blocked IP addresses, clear all locked out IP addresses and you can also manually add an IP address to the list of blocked IPs. You will also find a link next to each IP address that lets you unblock or unlock their access to your site.

Each IP address also includes its location at the city level if that information is available or the country level if it's not. This helps you diagnose which geographic area most attacks or malicious behavior are originating from.

IP's that are blocked from accessing the site

These are IP addresses that are blocked. If a visitor, crawler, automated bot or hacker tries to access your website from the IP shown in this list, they will receive a message saying that their access has been limited and it will include red text that displays a reason their access has been limited.

Note that there are other ways to block visitors from access your website. For example you can block their range of IP addresses or their country and blocking in this way will not cause the visitor IP to appear on this page because you're blocking their entire range or their country rather than their individual IP address. The list of blocked IPs you're shown on the blocked IP's tab on this page show individual IP addresses that have been blocked.

For example, if a visitor tries to sign-into your site and exceeds the maximum allowed number of failures, they will be locked out from trying to sign-in again for the amount of time you've specified in the wordfence login security options.

When a visitor's IP address is locked out, they can access the rest of your website, but they can't sign-in until the lock-out has expired. This is a way to keep hackers from signing into your website, but ensure that the security mechanism is focused on protecting your login system and doesn't block access to the rest of the website.

IPs who were recently throttled for accessing the site too frequently

Wordfence provides a third mechanism which lets you limit access to your website. As part of our product we include a rate limiting Firewall. This lets you limit how many pages visitors and automated crawlers can access on your website per minute. If they exceed the limits you've specified, they will temporarily have their access revoked and will receive a message saying their access to your site has been temporarily limited and they should try again in a few minutes.

Wordfence counts the rate at which requests occur to your website over 1 minute windows. So we provide limits that define the number of requests from an IP address per minute. If you have defined a limit of 200 requests per minute and 199 of those requests are generated in the last 10 seconds of a minute and another 199 are generated in the first 10 seconds of the next minute, and no other requests are generated, then the visitor will not be throttled. However, if 201 requests occur within a single minute, the 201th request will be throttled and the visitor will be throttled for the rest of that minute. This level of granularity provides a good compromise between security and performance.